Skip to content
Please note. This document is a tailored template provided for convenience and is not legal advice. Before you rely on it, please have it reviewed and adapted by a lawyer qualified in Norwegian and EEA consumer and data-protection law.

Last updated: 5 July 2026

1. Who we are

This Privacy Policy explains how Northern Horizon collects and uses personal data when you use our website (northernhorizon.no), contact us, or book a Tour. Northern Horizon is the data controller for the processing described here, and you can reach us at contact@northernhorizon.no.

We process personal data in accordance with the EU/EEA General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (personopplysningsloven).

2. A note on bookings and payments

Bookings and payments are taken through a checkout provided by our partner Panion (Peeps Travel), embedded on our site. When you book and pay, the personal and payment data you enter into that checkout is collected and processed by Panion as the merchant of record, through its payment processor (Stripe), and by the Bokun reservation system used to operate the Tour. That processing is governed by Panion's own privacy notice: panion.travel/legal/privacy. Northern Horizon does not run a customer database and does not receive or store your full card details.

3. What data we collect and why

DataPurposeLegal basis (GDPR)
Name, email and message you send through our contact formTo receive and reply to your enquiryArt. 6(1)(b) steps at your request, and Art. 6(1)(f) our legitimate interest in answering enquiries
Usage and device data collected by analytics (for example pages viewed, approximate location, browser type)To understand how the site is used and improve itArt. 6(1)(a) consent, given through our cookie banner

We do not use your data for automated decision-making that produces legal effects, and we do not sell your personal data.

4. Cookies and analytics

We use a small number of cookies. Analytics (Google Analytics) only loads after you accept it through the cookie banner. For the full list and how to change your choice, see our Cookie Policy.

5. Who we share data with

We use a small set of trusted service providers (processors) to run the site and our services. Each handles data only on our instructions, under a data processing agreement where required:

  • Panion (Peeps Travel) and Bokun (a Tripadvisor company), and Stripe through Panion: booking, payment and reservation management. Panion acts as a separate controller for the booking and payment it processes.
  • Resend: delivers the email generated by our contact form to our team.
  • Google (Google Analytics): website analytics, only after you consent.
  • Cloudflare: website hosting and delivery.
  • Sanity: content management for the pages you read on the site.
  • Public authorities where we are required to disclose data by law.

6. International transfers

Some providers process data outside Norway and the European Economic Area, typically in the United States. Where they do, transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses and, where applicable, certification under the EU-US Data Privacy Framework. You can ask us for more detail at contact@northernhorizon.no.

7. How long we keep data

  • Contact-form emails: kept for as long as needed to deal with your enquiry and a reasonable period afterwards, then deleted.
  • Analytics data: retained by Google for up to 14 months, then aggregated or deleted.
  • Booking and payment records: held by Panion and Bokun under their own retention rules.

8. Your rights

Under the GDPR you have the right to access your personal data, to have inaccurate data corrected, to have data erased, to restrict or object to processing, to data portability, and to withdraw consent at any time (without affecting processing already carried out). To exercise any of these rights, contact us at contact@northernhorizon.no.

If you are unhappy with how we handle your data, you may complain to the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no, or to the supervisory authority in your EEA country of residence.

9. Security

We use appropriate technical and organisational measures, including encryption in transit, to protect personal data. No method of transmission over the internet is completely secure, but we work to keep your data safe.

10. Children

The website is not directed at children, and we do not knowingly collect data from anyone under 15 (the Norwegian age of digital consent). Children join our Tours under a booking made by an accompanying adult.

11. Changes to this policy

We may update this Privacy Policy from time to time. The latest version is always available on this page.